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(57) A system and method for secure duplex brows- 
er communication over disparate networks provides du- 
plex communication between applications such as a 
browser program running on a client computer system 
and server applications running on a server computer 
system. Standard web-based protocols used with the 
duplex communication allow use of built-in browser pro- 
gram features such as related to security and navigation 
that would otherwise be specially provided. Given the 
request-response nature of many of the standard web- 
based protocols, use of standard web-based protocols 
for duplex communication has not been readily attaina- 
ble in the past. A duplex transport system to provide the 
duplex communication includes a client component run- 
ning on the client computer system and a server com- 
ponent running on the server computer system. The 
browser program controls one or more browser applica- 
tions configured to run on the client computer system. 
One or more instances of the client component and one 
or more instances of the server component are run to 
form one or more sessions each having session identi- 
fiers. Each session has one or more data pipes, which 
are sub-sessions. A particular data pipe has a pipe iden- 
tifier and provides two independent data paths of duplex 
data traffic between the browser applications that are 
communicatively linked to the instance of the client com- 
ponent and the server applications communicatively 
linked to the instance of the server component that are 
both associated with the respective session of the par- 
ticular data pipe. Messages of the duplex data traffic 
contain both session and data pipe identifiers. 
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Description 

TECHNICAL FIELD 

[0001] The Invention relates generally to distributed 
computing environments, and more particularly to a 
server-client environment involving a system and meth- 
od to maintain secure duplex communication between 
browser-based applications on client computers and 
server applications on server computers. 

BACKGROUND OF THE INVENTION 

[0002] To take advantage of a distributed computing 
environment, many current applications are being dis- 
tributed between client and server computers. The client 
computers include browser-based applications that 
communicate over networks with server applications 
running on the server computers. The browser user in- 
terfaces have become popular given their added fea- 
tures to improve usability of the server applications. 
Some of these server applications would be enhanced 
by or necessitate duplex communication between the 
browser-based applications and the server applications 
where simultaneous two-way communication occurs in 
both directions between the client and server comput- 
ers. Requirements also exist for duplex communication 
over unsecured networks such as the Internet with en- 
hanced security such as provided by security enhanced 
protocols. Furthermore, duplex communication is desir- 
able in situations involving disparate networks com- 
prised of non-secure networks, separately adminis- 
tered, and security-protected networks, such as in cas- 
es where multiple firewalls and proxy servers must be 
navigated. 

[0003] Conventional attempts to address the need for 
duplex communication between browser-based appli- 
cations and server applications have been discourag- 
ingry inadequate. The communication mechanisms of 
the browser-based applications including HTTP (Hyper- 
text Transfer Protocol) and HTTPS (Hypertext Transfer 
Protocol Secure) use a request-response communica- 
tion scheme that is not conducive to duplex communi- 
cation. Consequently, conventional attempts have fo- 
cused on alternative duplex communication between 
the browser-based applications and the server applica- 
tions that utilize non-standard web-based mechanisms 
and protocols. 

[0004] Unfortunately, the alternative non-standard 
web-based duplex communication forfeits important 
browser user interface features such as firewall/proxy 
navigation features of HTTP including the proxy config- 
uration of the browser, HTTP authentication, Internet se- 
curity features of associated protocols such as Secure 
Sockets Layer/T ransport Layer Security (SSL/TLS), and 
access to client certificates such as used in SSL/TLS. 
As a result, additional client code must be downloaded 
and configured to compensate for lost functionality. In 
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turn, client download times are substantially increased. 
Management issues are also complicated when many 
different client network configurations are being sup- 
ported. Security issues are also made more difficult 
5 such as when access to client certificates requires plat- 
form-specific code. 

SUMMARY OF THE INVENTION 

10 [0005] The present invention resides in a method and 
system for secure duplex browser communication over 
disparate networks. Aspects of the method and system 
include a transport system for use with a client computer 
system and a server computer system. The client corn- 
's puter system and the server computer system are com- 
municatively linked to a network system. The duplex 
transport system includes a browser program, one or 
more browser applications, one or more server applica- 
tions, a client component, a server component, one or 
20 more sessions, and one or more data pipes. 

[0006] Further aspects include the browser program 
being configured to run on the client computer system 
and has built-in features associated with communication 
protocols used by the duplex transport system. The one 
25 or more browser applications are configured to run on 
the client computer system under control of the browser 
program. The one or more server applications are con- 
figured to run on the server computer system. 
[0007] Additional aspects include the client compo- 
30 nent being configured to run as one or more instances 
on the client computer system. Each instance of the cli- 
ent component is communicatively linked to one of the 
browser applications. The server component is config- 
ured to ru n as one or more instances on the server com- 
35 puter system. Each instance of the server component is 
communicatively linked to one of the server applica- 
tions. 

[0008] Regarding, the one or more sessions, aspects 
include each session having a session identifier and is 

40 an association between one of the instances of the client 
component and one of the instances of the server com- 
ponent. Regarding the one or more data pipes, aspects 
also include each data pipe being a sub-session of one 
of the sessions and has a pipe identifier. Furthermore, 

45 each data pipe is conf igured to provide two independent 
data paths between the browser application communi- 
catively linked to the instance of the client component 
associated with the session of the data pipe and the 
server application communicatively linked to the in- 

50 stance of the server component associated with the ses- 
sion of the data pipe. 

BRIEF DESCRIPTION OF THE DRAWINGS 

55 [0009] Figure 1 is a block diagram of a computing sys- 
tem suitable for employing aspects of the invention for 
secure, duplex browser communication. 
[0010] Figure 2 is a block diagram illustrating detail of 



BNSDOCID: <EP 1161048A2_I_> 



3 



EP 1 161 048 A2 



4 



the client and server computers used in the depicted 
embodiment of the present invention. 
[0011] Figure 3 is a flowchart detailing actions in- 
volved in establishing a communication session used in 
the depicted embodiment. 

[0012] Figures 4 - 7 are communication diagrams il- 
lustrating implementations for upstream and down- 
stream components of data pipes used in the depicted 
embodiment. 

DETAILED DESCRIPTION OF THE INVENTION 

[001 3] A browser communication system and related 
method for secure, duplex browse rcommunicat ion over 
disparate networks is described. In the following de- 
scription, numerous specific details are provided to pro- 
vide a thorough understanding of embodiments of the 
invention. One skilled in the relevant art, however, will 
recognize that the invention can be practiced without 
one or more of these specific details, or with other equiv- 
alent elements and components, etc. In other instances, 
well-known components and elements are not shown, 
or not described in detail, to avoid obscuring aspects of 
the invention or for brevity. 

[0014] Figure 1 and the following discussion provide 
a brief, general description of a suitable computing en- 
vironment in which the invention can be implemented. 
Although not required, embodiments of the invention will 
be described in the general context of computer-execut- 
able instructions, such as program application modules, 
objects, or macros being executed by a personal com- 
puter. Those skilled in the relevant art will appreciate 
that the invention can be practiced with other computer 
system configurations, including hand-held devices, 
multiprocessor systems, microprocessor-based or pro- 
grammable consumer electronics, network PCs, mini 
computers, mainframe computers, and the like. The in- 
vention can be practiced in distributed computing envi- 
ronments where tasks or modules are performed by re- 
mote processing devices, which are linked through a 
communications network. In a distributed computing en- 
vironment, program modules may be located in both lo- 
cal and remote memory storage devices. 
[0015] Referring to Figure 1 , a conventional personal 
computer referred herein as a client computer 10 in- 
cludes a processing unit 12, a system memory 14 and 
a system bus 1 6 that couples various system compo- 
nents including the system memory to the processing 
unit. The processing unit 12 may be any logic process- 
ing unit, such as one or more central processing units 
(CPUs), digital signal processors (DSPs), application- 
specific integrated circuits (ASIC), etc. Unless de- 
scribed otherwise, the construction and operation of the 
various blocks shown in Figure 1 are of conventional de- 
sign. As a result, such blocks need not be described in 
further detail herein, as they will be understood by those 
skilled in the relevant art. 

[001 6] The system bus 1 6 can employ any known bus 



structures or architectures, including a memory bus with 
memory controller, a peripheral bus, and a local bus. 
The system memory 14 includes read-only memory 
("ROM") 18 and random access memory ("RAM") 20. A 
basic input/output system ("BIOS") 22, which can form 
part of the ROM 18, contains basic routines that help 
transfer information between elements within the client 
computer 10, such as during start-up. 
[0017] The client computer 10 also includes a hard 
disk drive 24 for reading from and writing to a hard disk 
25, and an optical disk drive 26 and a magnetic disk 
drive 28 for reading from and writing to removable opti- 
cal disks 30 and magnetic disks 32, respectively. The 
optical disk 30 can be a CD-ROM, while the magnetic 
disk 32 can be a magnetic floppy disk or diskette. The 
hard disk drive 24, optical disk drive 26 and magnetic 
disk drive 28 communicate with the processing unit 12 
via the bus 1 6. The hard disk drive 24, optical disk drive 
26 and magnetic disk drive 28 may include interfaces or 
controllers (not shown) coupled between such drives 
and the bus 16, as is known by those skilled in the rel- 
evant art. The drives 24, 26 and 28, and their associated 
computer-readable media, provide nonvolatile storage 
of computer readable instructions, data structures, pro- 
gram modules and other data for the client computer 10. 
Although the depicted client computer 1 0 employs hard 
disk 25, optical disk 30 and magnetic disk 32, those 
skilled in the relevant art will appreciate that other types 
of computer-readable media that can store data acces- 
sible by a computer may be employed, such as magnet- 
ic cassettes, flash memory cards, digital video disks 
("DVD"), Bernoulli cartridges, RAMs, ROMs, smart 
cards, etc. 

[0018] Program modules can be stored in the system 
memory 14, such as an operating system 34, one or 
more application programs 36, other programs or mod- 
ules 38 and program data 40. The system memory 14 
also includes a browser 41 for permitting the client com- 
puter 10 to access and exchange data with sources 
such as web sites of the Internet, corporate intranets, or 
other networks as described below, as well as other 
server applications on server computers such as those 
further discussed below. The browser 41 is markup lan- 
guage based, such as Hypertext Markup Language 
(HTML) and operates with markup languages that use 
syntactically delimited characters added to the data of 
a document to represent the structure of the document. 
[0019] While shown in Figure 1 as being stored in the 
system memory 14, the operating system 34, applica- 
tion programs 36, other programs/modules 38, program 
data 40 and browser 41 can be stored on the hard disk 
25 of the hard disk drive 24, the optical disk 30 of the 
optical disk drive 26 and/or the magnetic disk 32 of the 
magnetic disk drive 28. A user can enter commands and 
information into the client computer 1 0 through input de- 
vices such as a keyboard 42 and a pointing device such 
as a mouse 44. Other input devices can include a mi- 
crophone, joystick, game pad, scanner, etc. These and 
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other input devices are connected to the processing unit 
1 2 through an interface 46 such as a serial port interface 
that couples to the bus 16, although other interfaces 
such as a parallel port, a game port or a universal serial 
bus ("USB") can be used. A monitor 48 or other display 
device is coupled to the bus 1 6 via a video interface 50, 
such as a video adapter. The client computer 10 can 
include other output devices, such as speakers, print- 
ers, etc. 

[0020] The client computer 10 can operate in a net- 
worked environment using logical connections to one or 
more remote computers, such as a server computer 60. 
The server computer 60 can be another personal com- 
puter, a server, or other type of computer, and typically 
includes many or all of the elements described above 
for the client computer 10. The server computer 60 is 
logically connected to one or more of the client comput- 
ers 1 0 under any known method of permitting computers 
to communicate, such as through a local area network 
("LAN") 64 or a wide area network ("WAN") or the Inter- 
net 66. Such networking environments are well known 
in enterprise-wide computer networks, intranets, extran- 
ets, and the Internet. 

[0021] When used in a LAN networking environment, 
the client computer 10 is connected to the LAN 64 
through an adapter or network interface 68 (communi- 
catively linked to the bus 16). When used in a WAN net- 
working environment, the client computer 10 often in- 
cludes a modem 70 or other device, such as the network 
interface 68, for establishing communications over the 
WAN/Internet 66. The modem 70 is shown in Figure 1 
as communicatively linked between the interface 46 and 
the WAN/Internet 66. In a networked environment, pro- 
gram modules, application programs, or data, or por- 
tions thereof, can be stored in the server computer 60. 
In the depicted embodiment, the client computer 10 is 
communicatively linked to the server computer through 
the LAN 64 or WAN/Internet 66 with TCP/I P middle layer 
network protocols and Hypertext Transfer Protocol Se- 
cure (HTTPS) upper layer network protocols; however, 
other similar network protocol layers are used in other 
embodiments. Those skilled in the relevant art will read- 
ily recognize that the network connections shown in Fig- 
ure 1 are only some examples of establishing commu- 
nication links between computers, and other links may 
be used, including wireless links. 
[0022] As shown in Figure 2, the depicted embodi- 
ment of the present invention is a duplex transport sys- 
tem 100 allowing the browser 41 running on the client 
computer 10 to conduct secure, duplex network com- 
munications over networks such as the WAN/Internet 66 
with server applications 60c running on the server com- 
puter 60. The browser 41 controls browser applications 
36a that are used by the browser in conjunction with the 
duplex transport system 100. These browser applica- 
tions 36a involve software languages and processes 
such as Java applets, ActiveX, JavaScript, VBScript 
procedures, etc. The server applications 60c include 



general and specific purpose software providing desired 
functionality to users of the client computer 10. Alterna- 
tive embodiments involve other types of applications 
running on the client computer 1 0 other than the browser 
5 41 for duplex communication with applications running 
on other server computers 60. The alternative embodi- 
ment client applications otherthan the browser 41 utilize 
utility applications similar to the browser applications 
36a. 

w [0023] The duplex transport system 100 includes a cli- 
ent component, DT/Browser 38a, running on the client 
computer 1 0 as one of the other programs 38. The du- 
plex transport system 1 00 further includes a server com- 
ponent, DT/Server 60a, running on the server computer 

15 60. The DT/Browser 38a and the DT/Server 60a are 
linked across the WAN/Internet 66 . The DT/Browser 38a 
and the DT/Server 60a of the duplex transport system 
100 establishes one or more data pipes 102 between 
one or more of the browser applications 36a and one or 

20 more of the server applications 60c for secure, duplex 
communication. Each of the data pipes 102 between 
one of the browser applications 36a and one of the serv- 
er applications 60c includes two independent data paths 
that allow for concurrent sending and receiving of data 

25 between the browser application and the server appli- 
cation. 

[0024] The duplex transport system 1 00 allows stand- 
ard features and mechanisms to be readily available for 
communication between the browser applications 36a 

30 and the server applications 60c. For instance, commu- 
nication uses uniform resource locators (URLs), which 
is an Internet and web-based addressing standard. Oth- 
er standard features and mechanisms readily available 
include firewall/proxy navigation features of Hypertext 

35 Transfer Protocol (HTTP) including the browser's 41 
proxy configuration, HTTP authentication, standard In- 
ternet non-secure and secure protocols such as Trans- 
mission Control Protocol/Internet Protocol (TCP/IP), 
Secure Sockets Layer/Transport Layer Security (SSL/ 

40 TLS), HTTP Secure (HTTPS) and Internet Protocol Se- 
cure (IPSEC), and access to client certificates for use 
with security protocols. 

[0025] By facilitating use of standard web-based pro- 
tocols and other standard mechanisms, the duplex 

45 transport system 100 further allows use of the built-in 
functionality of the browser 41 as opposed to conven- 
tional duplex systems that do not facilitate use of stand- 
ard web-based protocols and other standard mecha- 
nisms. As mentioned, the conventional communication 

50 systems must replace lost browser functionality through 
duplicative efforts due to their avoidance of HTTPS and 
other standard web-based protocols. These duplicative 
efforts of the conventional systems are unnecessary 
with the duplex transport system 100. 

55 [0026] In the depicted embodiment the duplex trans- 
port system 100 requires execution of the browser ap- 
plications 36a within and under control of the browser 
41 as an HTTP client, the operating environment of the 
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client computer 1 0, or a virtual machine. In the depicted 
embodiment, the DT/Browser 38a and the DT/Server 
60a communicate using the HTTP. Security features uti- 
lized by the depicted embodiment include those speci- 
fied by Internet and World Wide Web (WWW) standards 5 
organizations, such as SSL/TLS and IPSEC. 
[0027] Other embodiments of the duplex transport 
system 100 utilize other request-response type proto- 
cols, other compatible security protocols and media for 
communication, and/or the same and/or other protocols 
approved by communications standards organizations 
including but not limited to such standards organizations 
as the International Telecommunications Union (ITU) in- 
cluding such committees as the Telecommunications, 
and the Telecommunications Standards Sector commit- 
tee, and the Internet Architecture Board including such 
task forces as the Internet Engineering Task Force and 
the Internet Research Task Force. 
[0028] All communication between the browser appli- 
cations 36a and one of the server applications 60c is 
conducted through one of the data pipes 1 02. A DT Ses- 
sion is an association between an instance of the DT/ 
Browser 38a and an instance of the DT/Server 60a. The 
server computer 60 can support one or more concurrent 
instances of the DT/Server 60a having associations 
through DT Sessions with one or more instances of the 
DT/Browser 38a existing on one or more of the client 
computers 1 0. Creation of the data pipes 1 02 are de- 
pendent upon creation of one or more DT Sessions. 
[0029] The process of creating a DT Session starts 
with one of the server applications 60c registering a Ses- 
sion Listener callback function with the DT/Server 60a 
(step 1 1 2 of Figure 3). Based upon some initiating action 
on the client computer 10, one of the browser applica- 
tions 36a creates an instance of the DT/Browser 38a to 
run on the client computer (step 114). Subsequently, the 
DT/Browser 38a establishes communication over the 
WAN/Internet 66 with a daemon running on the server 
computer 60 (step 116), which consequently causes 
creation of an instance of the DT/Server 60a to run on 
the server computer 60 (step 118). A Session Identifier 
that is unique to the particular DT Session is assigned 
(step 120) to be used in managing each DT Session cre- 
ated because DT Sessions may be multiplexed through 
a single network socket resource. The server applica- 
tion 60c that registered the Session Listener is then no- 
tified of the new instance of the DT/Server 60a (step 
122). 

[0030] Each DT Session provides one or more of the 
data pipes 102, which are independent duplex sub-ses- 
sions. Upon creation, each DT Session provides a first 
data pipe 102 referred to as the primary pipe. If more of 
the data pipes 1 02 are required, either one of the brows- 
er applications 36a or one of the server applications 60c 
submits requests with respect to the particular DT Ses- 
sion involved. To create more of the data pipes 102 in 
addition to the primary pipe for a particular DT Session, 
the server application 60c associated with the particular 



DT Session registers a Pipe Listener callback function 
with the DT/Server instance of the particular DT Session 
(step 124). When the browser application 36a of the par- 
ticular DT Session create an instance of the data pipe 
102 from the associated DT/Browser instance, a corre- 
sponding instance of the data pipe 102 from the asso- 
ciated DT/Server instance is also created (step 126), 
and the associated server application 60c is notified 
through the Pipe Listener callback function (step 128). 
Alternatively, a DT/Server instance can initiate the data 
pipe 102 through steps 124, 126, and 128. As a result 
of a DT/Server instance initiating a data pipe 102, an 
associated DT/Browser instance is created, if more 
pipes are required (yes in step 130), the procedure is 
repeated starting with registering another Pipe Listener 
(step 124). Otherwise, the procedure ends if no more 
pipes are required. Pipes may be closed and new ones 
created at any time while the DT Session is active. 
[0031] Each of the data pipes 1 02 is assigned a Pipe 
identifier that is unique to its associated DT Session. 
The Pipe Identifier is important because every request 
and reply message as part of request- reply communi- 
cation between associated instances of the DT/Browser 
38a and the DT/Server 60a carries multiplexed pipe traf- 
fic. Each request - reply carries message parameters 
including the Pipe Identifier and a Pipe Sequence 
Number, which identifies order sequence of messages 
within a particular one of the data pipes 102. The Pipe 
Sequence Number is used for matching requests and 
replies for overlapped requests (discussed further be- 
low). 

[0032] The duplex transport system 100 includes 
three browser functions to be used with the data pipes 
1 02 associated with the instance of the DT/Browser 38a 
and three server functions to be used with the data pipes 
102 associated with the instance of the DT/Server 60a. 
The three browser functions include Browser Write, 
Browser Read (synchronous), and Browser Receive 
(asynchronous). In alternative embodiments having cli- 
ent applications involving duplex communication with 
other server applications, similar write, read, and re- 
ceive functions would be utilized by the client applica- 
tions. Under Browser Write, one of the browser applica- 
tions 36a presents its data buffer and length. Control re- 
turns to the browser application 36a either after data has 
been placed in an outgoing buffer of the data pipe 1 02 
of the associated instance of the DT/Browser 38a, after 
the data has been sent to the data pipe 1 02 of the as- 
sociated instance of the DT/Server 60a, or after a reply 
has been received from the data pipe 1 02 of the asso- 
ciated instance of the DT/Server 60a. 
[0033] Under Browser Read (synchronous), one of 
the browser applications 36a presents its data buffer for 
reading and its buffer maximum length. Data is placed 
in the data buffer of the browser application 36a and 
control returned to the browser application either when 
data is received from the data pipe 102 of the associated 
instance of the DT/Server 60a or when data exists in the 
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Incoming buffer of the data pipe 1 02 of the associated 
instance of the DT/Browser 38a. Under Browser Re- 
ceive (asynchronous), one of the browser applications 
36a registers a callback function when the associated 
instance of the DT/Browser 38a is created. Whenever 
data is received from the data pipe 1 02 of the associated 
instance of the DT/Server 60a, this callback function is 
invoked thereby passing the received data. 
[0034] The three server functions include Server 
Write, Server Read (synchronous), and Server Receive 
(asynchronous). Under Server Write, one of the server 
applications 60c presents its data buffer and length. 
Control returns to the server application 60c either after 
data has been placed in an outgoing buffer of the data 
pipe 1 02 of the associated instance of the DT/Server 
60a, or has been sent to the data pipe 102 of the asso- 
ciated instance of the DT/Browser 38a. Under Server 
Read (synchronous), one of the server applications 60c 
presents its data buffer for reading and its buffer maxi- 
mum length. Data is placed in the data buffer of the serv- 
er application 60c and control returned to the server ap- 
plication either when data exists in the incoming buffer 
of the data pipe 1 02 of the associated instance of the 
DT/Server 60a or when data is received from the data 
pipe 1 02 of the associated instance of the DT/Browser 
38a. Under Server Receive (asynchronous) one of the 
server applications 60c registers a callback function 
when the associated instance of the DT/Server 60a is 
created. Whenever data is received from the data pipe 
1 02 of the associated instance of the DT/Browser 38a, 
this callback function is invoked thereby passing the re- 
ceived data. 

[0035] The duplex transport system 1 00 performs du- 
plex communication and consequently provides two in- 
dependently operating data paths for each of the data 
pipes 1 02. Associated with these independently operat- 
ing data paths the data pipes 1 02 of both the DT/Brows- 
er 38a and the DT/Server 60a have an upstream com- 
ponent providing client-to-server single direction data 
flow and a downstream component providing server-to- 
client single direction data flow. There are variations in 
how both the upstream and downstream components 
can be implemented. The upstream components of the 
data pipes 1 02 of the DT/Browser 38a and the DT/Serv- 
er 60a have basic and overlapped implementation var- 
iations and the downstream components of the data 
pipes 1 02 of the DT/Browser 38a and the DT/Server 60a 
have basic and read-ahead implementation variations. 
The depicted embodiment of the duplex transport sys- 
tem 100 is configured to accommodate any or all of 
these implementation variations of the upstream and 
downstream components. Alternative embodiments 
can implement further variations. The following discus- 
sion of data flow is applicable to operating DT Sessions 
and data pipes 102. 

[0036] For client-to-server single direction data flow, 
the upstream components of the data pipes 102 of the 
DT/Browser 38a and the DT/Server 60a have an up- 



stream basic implementation and an upstream over- 
lapped implementation. The upstream basic implemen- 
tation starts when one of the server applications 60c that 
is associated with a particular DT Session prepares to 

5 receive data from one of the browser applications 36a 
that is associated with the same particular DT Session 
by invoking the Server Read function and presenting the 
data buffer of the server application to the upstream 
component of the associated data pipe 1 02 of the asso- 

10 ciated instance of the DT/Server 60a (communication 
140 of Figure 4). 

[0037] Next, one of the browser applications 36a per- 
forms a Browser Write where the browser application 
writes data to the upstream component of the associat- 
es ed data pipe 1 02 of the associated instance of the DT/ 
Browser 38a (communication 142). Consequently, the 
associated instance of the DT/Browser 38a sends an 
HTTP Post along with the Browser Write data to the as- 
sociated instance of the DT/Server 60a (communication 

20 144). The associated instance of the DT/Server 60a 
then sends either a Server Read Return or a Server Re- 
ceive Callback along with the Browser Write data to the 
associated server application 60c (communication 146), 
which returns control to the server application along with 

25 providing the Browser Write data. 

[0038] The associated instance of the DT/Server 60a 
also sends an HTTP Post Reply to the associated in- 
stance of the DT/Browser 38a (communication 148), If 
a Server Read (synchronous) is not outstanding when 

30 data arrives at the associated instance of the DT/Server 
60a, the data is buffered. A buffer full condition will block 
the HTTP Post Reply in communication 1 48 until the da- 
ta is sent to the associated instance of the server appli- 
cation 60c to relieve the buffer of the associated in- 

35 stance of the DT/Server 60a. Consequently, the associ- 
ated instance of the DT/Browser 38a sends a Browser 
Write Return to the associated browser application 36a 
(communication 150), which returns control to the 
browser application. 

40 [0039] The upstream overlapped implementation 
(Figure 5) differs from the upstream basic implementa- 
tion (Figure 4) having an order of communication some- 
what altered. The order of communication for the up- 
stream basic implementation is 140, 142, 144, 146,148, 

45 and 1 50 as shown in Figure 4, whereas the order of com- 
munication forthe upstream overlapped implementation 
is 140, 142, 144, 150, 146, and 148 as shown in Figure 
5. With the upstream basic implementation (Figure 4) 
the Browser Write Return is not sent to the associated 

50 browser application 36a (communication 150) thereby 
completing the Browser Write operation until after the 
HTTP Post reply has been received (communication 
148). 

[0040] In the upstream overlapped implementation 
55 (Figure 5) a more immediate Browser Write Return 
(communication 150) allows additional Browser Write 
Data calls (communication 142) and resulting HTTP 
Post requests (communication 144) to occur before the 
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associated instance of the DT/Browser 38a receives the 
initial HTTP Post Reply (communication 148) causing 
overlapping. Pipe Sequence Numbers are used for 
tracking the HTTP requests and replies and are partic- 
ularly helpful with the overlapping of the upstream over- 
lapped implementation. 

[0041] For server-to-client single direction data flow, 
the downstream components of the data pipes 1 02 of 
the DT/Browser 38a and the DT/Server 60a have a 
downstream basic implementation and a downstream 
read-ahead implementation. The downstream basic im- 
plementation starts when one of the browser applica- 
tions 38a that is associated with a particular DT Session 
prepares to receive data from one of the server applica- 
tions 60c that is associated with the same particular DT 
Session by invoking the Browser Read function and pre- 
senting the data buffer of the browser application to the 
downstream component of the data pipe 102 of the in- 
stance of the DT/Browser 38a associated with the par- 
ticular DT Session (communication 160 of Figure 6). 
[0042] Next the associated instance of the DT/Brows- 
er 38a sends an HTTP Get Request to the instance of 
the DT/Server 60a associated with the particular DT 
Session (communication 162). If no data is available at 
the instance of the DT/Server 60a associated with the 
particular DT Session from the associated server appli- 
cation 60c when the associated instance of the DT/Serv- 
er 60a receives the HTTP Get Request, a timer is started 
with a Get Timeout value. If the timer expires before any 
data is available, an HTTP Get Reply with no data is 
sent back to the associated instance of the DT/Browser 
38a causing the associated instance of the DT/Browser 
to re-send the HTTP Get Request. This refresh cycle is 
intended to keep the browser from timing out and closing 
the connection prematurely. 

[0043] In the case illustrated in Figure 6, the associ- 
ated server application 60c sends data to the data pipe 
1 02 of the associated instance of the DT/Server 60a with 
a Server Write (communication 164) before timer expi- 
ration. The associated instance of the DT/Server 60a 
then sends a HTTP Get Reply with the data to the as- 
sociated instance of the DT/Browser 38a (communica- 
tion 166) and returns control to the associated server 
application 60c with a Server Write Return (communi- 
cation 168). The data pipe 102 of the associated in- 
stance of the DT/Browser 38a then returns control to the 
associated browser application 36a along with the data 
with a Browser Read Return (communication 170). 
[0044] The downstream read-ahead implementation 
(Figure 7) differs from the downstream basic implemen- 
tation (Figure 6) in that the downstream basic implemen- 
tation relies on the Browser Read function to cause an 
HTTP Get Request, whereas the downstream read- 
ahead implementation issues an HTTP Get request in- 
dependently of any Browser Reads. As a consequence 
of this difference between the downstream basic and 
downstream read-ahead implementations, the order of 
communication for the downstream basic implementa- 



tion is 160, 162, 164, 166, 168, and 170 as shown in 
Figure 6, whereas the order of communication for the 
downstream read-ahead implementation is 162, 164, 
166, 168, 160, and 172 as shown in Figure 7. With the 

5 downstream read-ahead implementation (Figure 7), da- 
ta is sent from the associated server application 60c 
through the data pipe 102 of the associated instance of 
the DT/Server 60a on to the data pipe 1 02 of the asso- 
ciated instance of the DT/Browser 38a (particularly corn- 
to munications 162, 164, and 166) before the associated 
browser application 36a prepares to receive data by in- 
voking the Browser Read (communication 160). 
[0045] For the downstream read-ahead implementa- 
tion (Figure 7), after the Browser Read (communication 

15 160) occurs, the data pipe 102 of the associated in- 
stance of the DT/Browser 38a sends a Browser Read 
Return (synchronous) along with the data to the asso- 
ciated browser application 36a (communication 172). 
The downstream read-ahead implementation has an 

20 option for the associated instance of the DT/Browser 
38a of using a Browser Receive (asynchronous) to send 
data to the associated browser application 36a instead 
of a Browser Read Return forcommunication 172. If the 
Browser Receive is used, then the Browser Read in 

25 communication 160 is unnecessary. The downstream 
basic implementation does not have the Browser Re- 
ceive (asynchronous) option. When using the Browser 
Read (synchronous) option, if a Browser Read (commu- 
nication 1 60) is not outstanding when data arrives at the 

30 associated instance of the DT/Browser 38a, the data is 
buffered. A buffer full condition will block subsequent 
HTTP Get Requests from the associated instance of DT/ 
Browser 38a until for example, a Browser Read (com- 
munication 1 60) is received by the associated instance 

35 of the DT/Browser 38a. 

[0046] Another version of the downstream read- 
ahead implementation includes an overlapped feature 
whereas the associated instance of the DT/Browser 38a 
may send additional HTTP Get Requests to the instance 

40 of the DT/Server 60a associated with the particular DT 
Session in one or more additional communications 162. 
The instance of the DT/Server 60a associated with the 
particular DT session queues each HTTP Get request 
until data is available from additional Server Write data 

45 calls (additional communications 164). This causes an 
overlapping of the communication wherein pipe se- 
quence numbers are used to track the overlapping. 
[0047] From the foregoing it will be appreciated that, 
although specific embodiments of the invention have 

50 been described herein for purposes of illustration, vari- 
ous modifications may be made without deviating from 
the spirit and scope of the invention. Accordingly, the 
invention is not limited except as by the appended 
claims. 

55 
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Claims 

1 . A duplex transport system for use with a client com- 
puter system and a server computer system, the cli- 
ent computer system and the server computer sys- 
tem communicatively linked to a network system, 
the duplex transport system comprising: 

a browser program configured to run on the cli- 
ent computer system, the browser program 
having built-in features associated with com- 
munication protocols used by the duplex trans- 
port system; 

one or more browser applications configured to 

run on the client computer system under control 

of the browser program; 

one or more server applications configured to 

run on the server computer system; 

a client component configured to run as one or 

more instances on the client computer system, 

each instance of the client component being 

communicatively linked to one of the browser 

applications; 

a server component configured to run as one 
or more instances on the server computer sys- 
tem, each instance of the server component be- 
ing communicatively linked to one of the server 
applications; and 

the client component and the server compo- 
nent configured such that each of the one or 
more instances of the client component is as- 
sociated with one of the one or more instances 
of the server component to form a session for 
each association, each session having a ses- 
sion identifier and one or more sub-sessions 
designated as one or more data pipes , each da- 
ta pipe being a sub-session of a particular ses- 
sion, having a pipe identifier, and configured to 
provide two independent data paths of duplex 
data traffic between the browser application 
communicatively linked to the instance of the 
client component associated with the particular 
session and the server application communica- 
tively linked to the instance of the server com- 
ponent associated with the particular session. 

2. The duplex transport system of claim I wherein 
some of the built-in features of the browser program 
are associated with either Hypertext Transfer Pro- 
tocol (HTTP), Hypertext Transfer Protocol Secure 
(HTTPS), Internet Protocol Secure (IPSEC), Se- 
cure Sockets Layer/T ransport Layer Security (SSL/ 
TLS), other request-response protocols, and/or the 
same and/or other protocols approved by commu- 
nication standards organizations including but not 
limited to such standards organizations as the In- 
ternational Telecommunications Union (ITU) includ- 
ing such committees as the Telecommunications, 



and the Telecommunications Standards Sector 
committee, and the Internet Architecture Board in- 
cluding such task forces as the Internet Engineering 
Task Force and the Internet Research Task Force. 

5 

3. The duplex transport system of claim 1 wherein the 
client component and the server component is fur- 
ther configured such thatthe one or more data pipes 
of a session based on an association between an 

10 instance of the client component and an instance of 
the server component are configured to provide da- 
ta paths of duplex data traffic comprising messages, 
each message containing one of the pipe identifi- 
ers. 

15 

4. The duplex transport system of claim 1 wherein the 
client component and the server component is fur- 
ther configured such that the one or more data pipes 
of a session based on an association between an 

20 instance of the client component and an instance of 
the server component are configured to provide da- 
ta paths of duplex data traffic comprising messages 
that each contain one of the pipe identifiers identi- 
fying the data pipe and a pipe sequence number, 

25 the pipe sequence number identifying an order of 
the messages in the duplex data traffic associated 
with the data pipe. 

5. The duplex transport system of claim 1 wherein the 
30 client component and the server component is fur- 
ther configured such that the one or more data pipes 
of a session based on an association between an 
instance of the client component and an instance of 
the server component are assigned the pipe identi- 

35 fier corresponding to the data pipe used by that 
message. 

6. The duplex transport system of claim 1 wherein the 
client component and the server component is fur- 

40 ther co nf igured such that the one or more data pipes 
of a session based on an association between an 
instance of the client component and an instance of 
the server component utilize the communication 
protocols associated with the built-in features of the 

45 browser program for the duplex data traffic. 

7. The duplex transport system of claim 1 wherein the 
built-in features of the browser program involve one 
or more of the following: uniform resource locators 

50 (URLs), firewall/proxy navigation under Hypertext 

Transfer Protocol (HTTP), proxy configuration of 
the browser program, HTTP authentication, Trans- 
mission Control Protocol/Internet Protocol (TCP/ 
IP), Secure Sockets Layer/Transport Layer Security 

55 (SSL/TLS), HTTP Secure (HTTPS), Internet Proto- 
col Secure (IPSEC), and access to client certifi- 
cates for use with security protocols. 
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8. A duplex transport system for use with a client com- 
puter system having a client application controlling 
a utility application, the client computer system 
communicatively linked to a network system and a 
server computer system having a server applica- 
tion, the server computer system communicatively 
linked to the network system, the duplex transport 
system comprising: 

a client component configured to run as an in- 
stance on the client computer system, the in- 
stance of the client component being commu- 
nicatively linked to one of the utility applica- 
tions; 

a server component configured to run as an in- 
stance on the server computer system, the in- 
stance of the server component being commu- 
nicatively linked to one of the server applica- 
tions; and 

the client component and the server compo- 
nent configured such that the instance of the 
client component is associated with the in- 
stance of the server component in an associa- 
tion to form a session, the session having a ses- 
sion identifier and a sub-session designated as 
a data pipe, the data pipe having a pipe identi- 
fier and configured to provide two independent 
data paths of duplex data traffic between the 
utility application communicatively linked to the 
instance of the client component and the server 
application communicatively linked to the in- 
stance of the server component. 

9. The duplex transport system of claim 8 wherein the 
client computer and the server component are fur- 
ther configured such that the duplex data traffic of 
the data pipe of the session formed from the asso- 
ciation between the instance of the client compo- 
nent and the instance of the server component uti- 
lizes Hypertext Transfer Protocol (HTTP), Hyper- 
text Transfer Protocol Secure (HTTPS), Internet 
Protocol Secure (IPSEC), Secure Sockets Layer/ 
Transport Layer Security (SSL/TLS), other request- 
response protocols, and/or the same and/or other 
protocols approved by communication standards 
organizations including but not limited to such 
standards organizations as the International Tele- 
communications Union (ITU) including such com- 
mittees as the Telecommunications, and the Tele- 
communications Standards Sector committee, and 
the Internet Architecture Board including such task 
forces as the Internet Engineering Task Force and 
the Internet Research Task Force. 

1 0. The duplex transport system of claim 8 wherein the 
client computer and the server component are fur- 
ther configured such that the data pipe of the ses- 
sion formed from the association between the in- 



stance of the client component and the instance of 
the server component provides the data paths of 
duplex data traffic comprising messages that each 
contain the pipe identifier. 

5 

11 . The duplex transport system of claim 8 wherein the 
client computer and the server component are fur- 
ther configured such that the data pipe of the ses- 
sion formed from the association between the in- 
fo stance of the client component and the instance of 

the server component data pipe is configured to 
provide data paths of duplex data traffic comprising 
messages that each contain the pipe identifier iden- 
tifying the data pipe and a pipe sequence number, 
15 the pipe sequence number identifying an order of 
the messages in the duplex data traffic associated 
with the data pipe. 

12. The duplex transport system of claim 8 wherein the 
20 client computer and the server component are fur- 
ther configured such that the session formed from 
the association between the instance of the client 
component and the instance of the server compo- 
nent further comprises a second data pipe being a 

25 second sub-session of the session, the second data 
pipe having a pipe identifier, configured to provide 
two additional independent data paths of a second 
duplex data traffic between the utility application 
and the server application, and being a secondary 

so data pipe. 

13. The duplex transport system of claim 8 wherein the 
client component is configured to run with a browser 
program. 

35 

14. The duplex transport system of claim 8 wherein the 
client component and the server component are fur- 
ther configured to run as second instances where 
the second instances of the client component and 

40 server component are associated in an association 
to form a second session having a session identifier. 

15. A client computer system for use with a duplex 
transport system and a server computer system 

45 having a server application, the client computer sys- 
tem and the server computer system having a serv- 
er component communicatively linked to a network 
system, the client computer system comprising: 

50 a client computer; 

a browser program configured to run on the cli- 
ent computer the browser program having 
built-in features associated with communica- 
tion protocols used by the duplex transport sys- 

55 tern; 

one or more browser applications configured to 
run on the client computer under control of the 
browser program; 
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a client component configured to run as one or 
more instances on the client computer, each in- 
stance of the client component being commu- 
nicatively linked to one of the browser applica- 
tions, each instance of the client component 5 
configured to be associated with an instance of 
the server component to form a session with a 
session identifier, the client component further 
configured to be associated with one or more 
data pipes, each data pipe being a sub-session 10 
of one of the sessions formed between instanc- 
es of the client component and instances of the 
server component, each data pipe having a 
pipe identifier, each data pipe configured to pro- 
vide two independent data paths of duplex data *s 
traffic between the browser application commu- 
nicatively linked to the instance of the client 
component associated with the session of the 
data pipe and the server application communi- 
catively linked to the instance of the server 20 
component associated with the session of the 
data pipe. 

16. The client computer system of claim 15 wherein 
some of the built-in features of the browser program 25 
are associated with either Hypertext Transfer Pro- 
tocol (HTTP), Hypertext Transfer Protocol Secure 
(HTTPS), Internet Protocol Secure (IPSEC), Se- 
cure Sockets Layer/Transport Layer Security (SSL/ 
TLS), other request-response protocols, and/or the 30 
same and/or other protocols approved by commu- 
nication standards organizations including but not 
limited to such standards organizations as the In- 
ternational Telecommunications Union (ITU) includ- 
ing such committees as the Telecommunications, 35 
and the Telecommunications Standards Sector 
committee, and the Internet Architecture Board in- 
cluding such task forces as the Internet Engineering 
Task Force and the Internet Research Task Force. 

40 

17. The client computer system of claim 15 wherein the 
client component is further configured to form an as- 
sociation between an instance of the client compo- 
nent and an instance of the server component to 
form a session that has more than one data pipe, 
each data pipe having duplex data traffic of mes- 
sages, each message being assigned a pipe iden- 
tifier corresponding to the data pipe used by each 
message. 

50 

18. The client computer system of claim 15 wherein the 
client component is further configured to form an as- 
sociation between the instance of the client compo- 
nent and an instance of the server component to 
form a session having one or more data pipes that 55 
utilize the communication protocols associated with 

the built-in features of the browser program for du- 
plex data traffic. 



The client computer system of claim 15 wherein the 
built-in features of the browser program involve one 
or more of the following: uniform resource locators 
(URLs), firewall/proxy navigation under Hypertext 
Transfer Protocol (HTTP), proxy configuration of 
the browser program, HTTP authentication, Trans- 
mission Control Protocol/Internet Protocol (TCP/ 
IP) ; Secure Sockets Layer/Transport Layer Security 
(SSL/TLS), HTTP Secure (HTTPS), Internet Proto- 
col Secure (IPSEC), and access to client certifi- 
cates for use with security protocols. 

A server computer system for use with a duplex 
transport system and a client computer system, the 
client computer system having a client component 
and a browser application and the server computer 
system communicatively linked to a network sys- 
tem, the server computer system comprising: 

a server computer; 

one or more server applications configured to 
run on the server computer; 
a server component configured to run as one 
or more instances on the server computer, each 
instance of the server component being com- 
municatively linked to one of the server appli- 
cations, each instance of the server component 
configured to be associated with an instance of 
the client component to form a session with a 
session identifier, the server component further 
configured to be associated with one or more 
data pipes, each data pipe being a sub-session 
of the session, each data pipe having a pipe 
identifier, each data pipe configured to provide 
two independent data paths of duplex data traf- 
fic between the browser application communi- 
catively linked to the instance of the client com- 
ponent associated with the session of the data 
pipe and the server application communicative- 
ly linked to the instance of the server compo- 
nent associated with the session of the data 
pipe. 

. The server computer system of claim 20 wherein 
some of the built-in features of the browser program 
are associated with either Hypertext Transfer Pro- 
tocol (HTTP), Hypertext Transfer Protocol Secure 
(HTTPS) : Internet Protocol Secure (IPSEC), Se- 
cure Sockets Layer/Transport Layer Security (SSL/ 
TLS), other request- response protocols, and/or the 
same and/or other protocols approved by commu- 
nication standards organizations . including but not 
limited to such standards organizations as the In- 
ternational Telecommunications Union (ITU) includ- 
ing such committees as the Telecommunications, 
and the Telecommunications Standards Sector 
committee, and the Internet Architecture Board in- 
cluding such task forces as the Internet Engineering 
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Task Force and the Internet Research Task Force 

22. The server computer system of claim 20 wherein 
the server component is further configured to be as- 
sociated with the client component in an association 5 
to form a session that has more than one data pipes 
having duplex data traffic where each message of 
the duplex data traffic is assigned the pipe identifier 
corresponding to the data pipe used by each mes- 
sage. 10 

23. The server computer system of claim 20 wherein 
the server component is further configured to be as- 
sociated with the client component in an association 

to form a session that has one or more data pipes '5 
that utilize the communication protocols associated 
with the built-in features of the browser program for 
the duplex data traffic. 

24. The server computer system of claim 20 wherein 20 
the built-in features of the browser program involve 
one or more of the following: uniform resource lo- 
cators (URLs), firewall/proxy navigation under Hy- 
pertext Transfer Protocol (HTTP), proxy configura- 
tion of the browser program, HTTP authentication, 25 
Transmission Control Protocol/Internet Protocol 
(TCP/IP), Secure Sockets Layer/Transport Layer 
Security (SSUTLS), HTTP Secure (HTTPS), Inter- 
net Protocol Secure (IPSEC), and access to client 
certificates for use with security protocols. 30 

25. A method for establishing duplex communication 
between a browser application running under con- 
trol of a browser program on a client computer sys- 
tem and a server application running on a server 35 
computer system over a network, the method com- 
prising: 

registering a session listener callback function 
for the server application with a server compo- *o 
nent running on the server computer system; 
initiating through the browser application crea- 
tion of an instance of a client component to run 
on the client computer system; 
establishing through the instance of the client 
component communication over the network 
with the server computer system; 
based upon establishing communication be- 
tween the client component and the server 
computer system, creating an instance of a so 
server component to run on the server compu- 
ter system; 

notifying the server application through the ses- 
sion listener callback function of the establish- 
ment of the instance of the server component; 55 
establishing an association between the in- 
stance of the client component and the instance 
of the server component as a session and as- 



signing a session identifier to the session; 
designating a sub-session of the session as a 
data pipe of duplex data traffic between the 
browser application and the server application; 
and 

assigning a pipe identifier to the data pipe to be 
used by messages being sent through the data 
. Pipe. 

26. The method of claim 25, further comprising: 

registering a pipe listener callback function with 
the instance of the server component; 
creating an instance of a second data pipe 
through the browser application from the in- 
stance of the client component and the instance 
of the server component; and 
notifying the server application through the pipe 
listener callback function of creation of the sec- 
ond data pipe. 

27. A method of transmitting data from a client compu- 
ter system to a server computer system , the method 
comprising: 

invoking a Read function through a server ap- 
plication on the server computer system, the 
server application associated with a session 
between an instance of a client component run- 
ning on the client computer system and an in- 
stance of a server component running on the 
server computer system; 
presenting a data buffer of the server applica- 
tion to an upstream component of a data pipe 
associated with the instance of the server com- 
ponent; 

writing data from a browser application on the 
client computer system to an upstream compo- 
nent of a data pipe associated with the instance 
of the client component; 
sending an Hypertext Transfer Protocol (HTTP) 
Post along with data to the instance of the serv- 
er component; and 

sending from the instance of the server compo- 
nent either a Server Read Return or a Server 
Receive callback along with the data to the 
server application. 

28. The method of claim 27, further comprising: 

sending an HTTP Post Reply to the instance of 

the client component; and 

sending a Browser Write Return to the browser 

application. 

29. A method of transmitting data from a server com- 
puter system to a client computer system, the meth- 
od comprising: 
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invoking a Browser Read function through a 
browser application on the client computer sys- 
tem, the browser application associated with a 
session between an instance of a client com- 
ponent running on the client computer system 5 
and an instance of a server component running 
on the server computer system; 
presenting a data buffer of the browser appli- 
cation to a downstream component of a data 
pipe associated with the instance of the client 10 
component; 

writing data from a server application to a down- 
stream component of a data pipe associated 
with the instance of the server component; 
sending an Hypertext Transport Protocol (HT- *5 
TP) Get Request from the instance of the client 
component to the instance of the server com- 
ponent; 

if no data is available from the instance of the 
server component in a predetermined amount 20 
of time, sending an HTTP Get Reply with no da- 
ta from the instance of the server component to 
the instance of the client component; 
if a server application associated with the ses- 
sion sends data to the instance of the server 25 
component before or within a predetermined 
time after the HTTP Get Request is sent from 
the instance of the client component to the in- 
stance of the server component, then sending 
an HTTP Get Reply with data from the instance 30 
of the server component to the instance of the 
client component; 

sending a Server Write Return from the in- 
stance of the server component to the server 
application to return control to the server appli- 35 
cation; and 

sending a Browser Read Return from the in- 
stance of the client component to the browser 
application to return control to the browser ap- 
plication along with sending the data from the 40 
instance of the client component to the browser 
application. 

30. The method of claim 29 wherein the invoking the 

Browser Read and sending the Browser Read Re- *s 
turn is replaced by sending a Browser Receive from 
the instance of the client component to the browser 
application. 
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gram features such as related to security and navigation 
that would otherwise be specially provided. Given the 
request-response nature of many of the standard web- 
based protocols, use of standard web-based protocols 
for duplex communication has not been readily attaina- 
ble in the past. A duplex transport system to provide the 
duplex communication includes a client component run- 
ning on the client computer system and a server com- 
ponent running on the server computer system. The 
browser program controls one or more browser applica- 
tions configured to run on the client computer system. 
One or more instances of the client component and one 
or more instances of the server component are run to 
form one or more sessions each having session identi- 
fiers. Each session has one or more data pipes, which 
are sub-sessions. A particular data pipe has a pipe iden- 
tifier and provides two independent data paths of duplex 
data traffic between the browser applications that are 
communicatively linked to the instance of the client com- 
ponent and the server applications communicatively 
linked to the instance of the server component that are 
both associated with the respective session of the par- 
ticular data pipe. Messages of the duplex data traffic 
contain both session and data pipe identifiers. 
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